geodesicsolutions-community / geocore-community

GeoCore Community, open source classifieds and auctions software
MIT License

COOKIE_DOMAIN in products.php #191

Closed iBeleave closed 1 year ago

iBeleave commented 1 year ago

While doing some cookie work for sb paypal issues, discovered this, line 1762 in products.php:

} elseif (COOKIE_DOMAIN !== null) {

COOKIE_DOMAIN is a constant, potentially defined in config.
Thinking this should be something like this instead?

} elseif ( defined('COOKIE_DOMAIN') ) {

vicos59 commented 1 year ago

> sb paypal issues

What do you mean by "sb" ?

iBeleave commented 1 year ago

Sorry, I mean seller_buyer: payment_gateways/seller_buyer/paypal.php

TLDR: we use it for auction payments, and it works (sort of), but the file is a serious mess. I don't have time to redo it properly with the PayPal API and PDT or IPN; I just need to let the buyer know that their payment was submitted and let the seller take it from there. In order to do that, I switched the PayPal "rm" (return method) to "2" ($_POST instead of $_GET), and I discovered I needed to change the cookies to samesite="none" etc. or the user gets logged out on their return. So that landed me in products.php to see how cookies were being set. (Grateful it is now decoded!)

The COOKIE_DOMAIN was not the issue, but puzzled me when the $domain var kept showing up as "COOKIE_DOMAIN", instead of the actual domain. So, there you are. Just thought I would mention it, maybe save someone else a puzzle down the road.

vicos59 commented 1 year ago

OK, thanks. I have problems with many PayPal payments not completing, including with v20.0. PayPal returns to the site and the user just gets a white screen. The order gets set to "awaiting approval" status (or something like this) and only an admin can clear that. The user is left clueless about what happened.

Have you seen this sort of behavior?

BTW, I was scanning the code for PayPal payments and the code relies on some PEAR libraries which look to be very old. The current PEAR seems vastly different, so I doubt it would be a drop and replace operation to update it.

vicos59 commented 1 year ago

BTW, you might already know this, but in your config.php:

//If your server does not properly set the domain name for cookies,
//un-comment the following line, and replace the domain name with
//the proper setting.  DO NOT CHANGE unless necessary, or instructed
//by Geodesic Support to do so.
// (un-comment to change)
#define ('COOKIE_DOMAIN','.YourClassifiesSite.com');

Did you check to see if/how it is set?

iBeleave commented 1 year ago

> Have you seen this sort of behavior?
>
> BTW, I was scanning the code for PayPal payments and the code relies on some PEAR libraries which look to be very old. The current PEAR seems vastly different, so I doubt it would be a drop and replace operation to update it.

No, we have not been using the main PayPal gateway - had issues with it years ago and gave up (although it may have just been user error?). I'll keep an eye out though, if I run into something.

I agree, the PayPal gateway itself probably needs an entire rewrite, to bring it up to modern standards. For seller/buyer we are essentially just using PayPal buttons to send bidders over to PayPal for payment, and not really processing on our end. It's quaint, but it still works for our purpose. :)

iBeleave commented 1 year ago

> BTW, you might already know this, but in your config.php:
>
> Did you check to see if/how it is set?

Yes, thanks, did check there. Mine is still commented out on development, which is why I was puzzled. Turns out checking if a CONSTANT is not null doesn't work, so $domain was just getting set as if COOKIE_DOMAIN was a string ($domain = COOKIE_DOMAIN), and it was falling back to $realDomain, which was working, but may or may not have been correct? On my production site COOKIE_DOMAIN is defined, so it always used that anyway.

blufyremedia commented 1 year ago

Just adding a quick note on this one:

COOKIE_DOMAIN is set to NULL in the config.default.php file.

Config items such as this are defined by default in config.default.php. Your config.php file then loads on "top" of this, overriding the defaults with any custom configurations. This allows the system to ensure, at a minimum, that defaults are set, and use your custom variables only if provided - that way your config.php file does not need to declare everything.

If COOKIE_DOMAIN isn't defined, then it is likely config.php was being used directly, without the config.default.php base as it should be.
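
The constant check and the SameSite cookie change discussed in this thread, as an added example that is not part of the original issue and is not GeoCore's own code. The function names, the DEMO_* constants and the example.test domains are constructed for illustration.

```php
<?php
// Added illustration; function and constant names here are hypothetical,
// not taken from GeoCore's products.php.

/**
 * Return the configured cookie domain, or $fallback when the named constant
 * is missing or holds null (the default the thread says config.default.php sets).
 */
function cookieDomainFrom(string $constName, string $fallback): string
{
    // defined() takes the constant's NAME as a string. A bare undefined
    // constant throws Error on PHP 8 and evaluates to its own name as a
    // string on PHP 7.x (with a notice or warning), so a "!== null"
    // comparison on its own passes there.
    if (defined($constName) && constant($constName) !== null) {
        return (string) constant($constName);
    }
    return $fallback;
}

/** Options array for setcookie($name, $value, $options), PHP 7.3 and later. */
function sessionCookieOptions(string $domain, int $lifetime): array
{
    return [
        'expires'  => time() + $lifetime,
        'path'     => '/',
        'domain'   => $domain,
        'secure'   => true,    // browsers reject SameSite=None without Secure
        'httponly' => true,
        'samesite' => 'None',  // sent on the cross-site POST back from the gateway
    ];
}

// Constructed cases: constant absent, defined as null, defined with a value.
define('DEMO_NULL_DOMAIN', null);
define('DEMO_SET_DOMAIN', '.example.test');

foreach (['DEMO_MISSING_DOMAIN', 'DEMO_NULL_DOMAIN', 'DEMO_SET_DOMAIN'] as $name) {
    printf("%-20s -> %s\n", $name, cookieDomainFrom($name, 'www.example.test'));
}

print_r(sessionCookieOptions(cookieDomainFrom('DEMO_SET_DOMAIN', 'www.example.test'), 3600));
```

A cookie sent with SameSite=None no longer gets the browser's SameSite protection against cross-site requests, so state-changing endpoints that rely on it need their own CSRF tokens.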